Restrict access to other user conversations (#32)

main.wasp

@@ -91,6 +91,7 @@ entity User {=psl
 
   externalAuthAssociations  SocialLogin[]
   chats    Chat[]
+  conversations    Conversation[]
 psl=}
 // relatedObject             RelatedObject[] - add in line 86
 entity SocialLogin {=psl
@@ -130,6 +131,8 @@ entity Conversation {=psl
     updatedAt                 DateTime        @updatedAt
     chat        Chat?    @relation(fields: [chatId], references: [id])
     chatId      Int?
+    user        User?    @relation(fields: [userId], references: [id])
+    userId      Int?
 psl=}
 
 

migrations/20231116051633_add_user_id_to_conversation_model/migration.sql

@@ -0,0 +1,5 @@
+-- AlterTable
+ALTER TABLE "Conversation" ADD COLUMN     "userId" INTEGER;
+
+-- AddForeignKey
+ALTER TABLE "Conversation" ADD CONSTRAINT "Conversation_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;

src/server/actions.ts

@@ -180,6 +180,7 @@ export const createChat: CreateChat<void, Conversation> = async (_args, context)
         },
     ],
       chat: { connect: { id: chat.id } },
+      user: { connect: { id: context.user.id } },
     },
   });
 }

src/server/queries.ts

@@ -45,7 +45,7 @@ export const getConversations: GetConversations<GetConversationPayload, Conversa
     throw new HttpError(401);
   }
   return context.entities.Conversation.findFirstOrThrow({
-    where: { chatId: args.chatId },
+    where: { chatId: args.chatId, userId: context.user.id },
   })
 }